This page is maintained by The Setup to answer common security and privacy questions about our platform. It describes controls that are enabled today; it is not an independent certification.
Security is a partnership. Our hosting platform provides infrastructure controls; The Setup configures the application, access, and data practices described below; and every user is responsible for protecting their own account credentials.
Accounts are protected by email + password authentication with sign-in via a secure hosted auth service. Admin routes are gated by server-side role checks. Passwords are never stored in plaintext.
All traffic to the site and API is served over HTTPS with modern TLS. Data between the browser, application, and database is encrypted in transit.
The Setup runs on a managed cloud platform with a Postgres database and a globally distributed edge runtime. Row-Level Security policies enforce per-user data access at the database layer.
Account information (email, name, handle), profile content you upload, project and payment activity, and app usage logs. We collect only what's needed to run the marketplace, matching, education, and payments.
To run the marketplace, match creators with brands, process payments, deliver certificates, and improve the service. We do not sell your personal data.
We use functional cookies to keep you signed in and remember preferences. Product analytics are limited to what's needed to improve the platform.
We keep account data while your account is active, and only as long as needed after that for legal and financial reasons. You can request deletion or export at any time.
If a security incident affects your account or data, we will notify affected users and take corrective action. Report a concern using the contacts below.
We share data with vendors only as needed to operate the service. Each vendor is limited to the data required for its role.
| Vendor | Purpose |
|---|---|
| Managed Cloud Platform | Application hosting & managed backend |
| Postgres Database | Database, authentication & row-level security |
| Cloudflare | Edge runtime, CDN & DDoS protection |
| AI Gateway | AI features used inside the platform |
Found a vulnerability, suspicious behaviour, or something that looks wrong? Please contact us directly — we take every report seriously.